@paul driverThank you for looking into it. I have already added the interfaces in bundle(channel-group X mode active). Relevant commands are also present. Could you please elaborate which command is missing?

Hello

Apologies - I couldn't see it on the attached file from my phone, after reviewing it now though i dont see the physical ports set as switchports unless they are already, I assume these ports are routed ports by default, so unless you make those ports layer 2 before you add them to a port channel then connection between the switch wont happen.

Try removing the port-channel, defaulting the physical interfaces and then recreate the PC after the physical ports are in switch-port mode.

@paul driver  It is completely ok. I am afraid that I will not be able to check it further today but I was continously getting the following syslog on my switch:

LACP currently not enabled on the remote port.

I would like to point that LACP was enable on the remote port. I will re-create the port-channel and wipe out any extra configurations and let you know.

@Georg Pauwen  Thank you for your reply. That was a typo for the interface being shut. Moreover, I had added this command (channel-protocol lacp) for troubleshooting purposes but it was to no avail. However, I will remove it as you suggested.

Hello,

also, from both ASAs, post the output of:

show cluster info

and from the switch:

show etherchannel summary

@Georg PauwenI am constantly receiving the following syslog on switch:

%EC-5-L3DONTBNDL2: Et0/1 suspended: LACP currently not enabled on the remote port

From first ASA:

ASA3# show cluster info
Cluster XXXX: On
Interface mode: spanned
This is "ASA3" in state MASTER
ID : 0
Version : 9.1(5)16
Serial No.: JMX1203L0NN
CCL IP : 10.100.203.1
CCL MAC : 5000.0023.0002
Last join : 14:42:34 UTC Oct 14 2019
Last leave: N/A
Other members in the cluster:
Unit "ASA4" in state SLAVE
ID : 1
Version : 9.1(5)16
Serial No.: JMX1203L0NN
CCL IP : 10.100.203.2
CCL MAC : 5000.0024.0002
Last join : 14:42:34 UTC Oct 14 2019
Last leave: N/A

Second ASA:

ASA3# show cluster info
Cluster XXXX: On
Interface mode: spanned
This is "ASA4" in state SLAVE
ID : 1
Version : 9.1(5)16
Serial No.: JMX1203L0NN
CCL IP : 10.100.203.2
CCL MAC : 5000.0024.0002
Last join : 14:42:48 UTC Oct 14 2019
Last leave: N/A
Other members in the cluster:
Unit "ASA3" in state MASTER
ID : 0
Version : 9.1(5)16
Serial No.: JMX1203L0NN
CCL IP : 10.100.203.1
CCL MAC : 5000.0023.0002
Last join : 14:42:34 UTC Oct 14 2019
Last leave: N/A

Switch output:

show etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use N - not in use, no aggregation
f - failed to allocate aggregator

M - not in use, minimum links not met
m - not in use, port not aggregated due to minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port

A - formed by Auto LAG

Number of channel-groups in use: 1
Number of aggregators: 1

Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
1 Po1(SD) LACP Et0/0(s) Et0/1(s) Et1/0(s)
Et1/1(s)

@Georg Pauwen  I have removed both the commands but the PC is not coming up.

Hello

did you remove the old PC config from the FW and set the physical interfaces to switchport mode?

Also try just creating the PC from the active ASA Only and use a static PC (no lacp) on both the switch and the FW- test  again 

Hi @paul driver . I did it with on and it worked. But don't you think that it is against span-clustering to work in any other mode than LACP?

Glad it’s now working - Sometimes lacp negotiation can inpead the aggregation from forming which obviously that is happening here  and as I understand it is indeed required for a spanned cluster however I’m not so sure if the cluster has to be in active/active HA scenario for it to work ? Probably need to check that!

Does the PC work when just connecting via the active asa and using lacp? If not have you tried using Cisco’s own proprietary link negotiation pagp ?

Hi @paul driver ,

I am practicing it on a Layer 2 (IOL image) switch and Cisco ASA image(asa915-16-k8-CL-L). Do you suspect any compatibility issues with these images?